Battle Heats Up Over Exports of Surveillance Technology

WASHINGTON Ayman Ammar and Rashid Albuni claimed to be computer technology distributors, operating through multiple corporations in Dubai, in the United Arab Emirates. The United States government, though, charged them with smuggling of illegally shipping American equipment to the Syrian government that can help it monitor Internet traffic and spy on dissidents.

The Syrian case, in which the two men were fined last month for violating American economic sanctions against Syria, is one of the few the Obama administration has pursued to limit authoritarian governments from acquiring technology that enables censoring, spying and hacking.

That is largely because many of the same tools that repressive governments seek from Western companies are vital for social media and other communications by political protesters and grass-roots organizers throughout the world. The software and other equipment are also used by American and other law enforcement agencies to track criminals or disrupt plots, and are needed to filter out unwanted content from most commercial and governmental networks and to keep them secure.

Such dual-use technology is now at the center of a conflict between Silicon Valley and the administration over additional restraints on technology exports. The administration signed an international agreement in 2013 that calls for new curbs on exports of advanced surveillance technology to governments with troubling human rights records. The agreement adds the technology to a longstanding arms control pact that seeks to limit weapons exports to such governments.

Some argue that the global market for such technology is emerging as a 21st century version of the arms trade. To go along with their tanks, assault helicopters and fighter jets, repressive governments are now seeking the latest routers, servers and software from Silicon Valley or Europe.

You have the professionals, the big firms that are very legitimate, and then you have some dodgy parts of the business, which, like gunrunning, is subterranean and shrouded in secrecy, said Ronald Deibert, the director of Citizen Lab at the University of Toronto, which published information that alerted the Commerce Department to the Syrian smuggling case.

The American tech industry mounted a fierce opposition after the Commerce Department issued a proposal in May for new licensing requirements on exports of technology that can be used for surveillance. The regulation was intended to abide by the 2013 pact, called the Wassenar Arrangement, signed by 41 countries, including the United States and most other major developed nations.

The administration has since quietly shelved the proposal. Computer industry executives complained that it was written so broadly that it would make it more difficult to sell a wide range of Internet-related equipment and software overseas. Even some privacy advocates thought the proposed regulation was poorly drafted and might Workforce Management hinder activists in developing countries from gaining access to the technology they need to protect their communications.

Trying to differentiate it is impossible, it really is dual-use, said Cheri F. McGuire, vice president for global government affairs for Symantec, a cybersecurity firm based in California. Trying to put controls on exports would limit the positive aspects that this technology provides to protect and secure networks.

But critics say that the tech industry in the West has for years taken advantage of the lax restrictions on such dual use technology to sell it to repressive countries.

In interviews, administration officials insist that they plan to issue a new regulation after more consultation with the tech industry, probably next year. One official explained that it was a new area of regulation and that the administration wanted to avoid unintended consequences.

The Syrian smuggling case shows how difficult it is to crack down on the flow of surveillance technology. Commerce officials learned of the illicit trading only after Canadian computer experts published findings showing that Syria was using technology from an American company, Blue Coat Systems, of Sunnyvale, Calif.

Through their smuggling operation, which began in 2010 and continued at least until 2013, Mr. Ammar and Mr. Albuni were able to ship Blue Coat equipment worth a total of $1.8 million to Syria, according to government documents in the case. (Blue Coat cooperated with the investigation, government officials said.) The two men used various corporations and operated out of some of Dubais most impressive addresses, including the worlds tallest residential building and a free-trade and technology hub.

Mr. Ammar and Mr. Albuni, of the United Arab Emirates, sought to hide the shipments by going through another distributor and listing the intended customers as Iraq, Afghanistan, Turkey, Egypt and the United Arab Emirates, all countries with records of human rights violations but that were deemed acceptable under existing United States rules. One official familiar with the investigation said the two men chose destinations that would not set off a licensing requirement.

The Obama administration has issued bans specifically on exports of surveillance technology only to Iran and Syria, while North Korea, Sudan and Cuba face export bans under broader American economic sanctions.

There isnt much regulation, or many rules on exports in this area, said Fabio Pietrosanti, founder of the Hermes Center for Transparency and Digital Human Rights, a research group in Milan. It is easy to bypass the rules for exports of surveillance technology in some countries.

Some large companies have been accused of helping repressive countries exploit such dual-use systems. For example, Cisco Systems, the firm based in San Jose, Calif., that sells devices that are crucial to the Internets backbone, has faced a lawsuit in federal court in California from members of the Falun Gong, a Chinese spiritual movement. They claimed that the company deliberately customized router equipment sold to the Chinese government, enabling it to spy on members in China. The Chinese government has engaged in a long campaign of repression against the Falun Gong, contending that the group is a cult.

The case was dismissed last year, but the plaintiffs have appealed. A Cisco spokesman said the firm did not customize our product in any way that would facilitate censorship or repression.

At the lower end of the surveillance market are small firms that provide products designed to spy on people. These firms are in the so-called lawful interception business, selling malware and spyware to the police and other law enforcement agencies in the United States and Europe, as well as to governments. The interception industry is growing rapidly, with worldwide sales estimated to reach $1.3 billion by 2019, according to Markets and Markets, a research firm.

ISS World brings together interception companies and their customers in trade shows around the world that have been nicknamed the Wiretappers Ball by critics. ISS World is owned by Telestrategies, a Virginia based firm.

One of the businesses listed as attending a recent ISS World conference in Washington was the Hacking Team, an Italian interception firm whose computers were hacked in July. Many of the firms emails were publicly released and posted on the WikiLeaks website.

An analysis by Citizen Lab concluded that the leaked documents show the Hacking Team aggressively courting authoritarian and repressive regimes. Eric Rabe, a spokesman for the Hacking Team, said the company provided software for use by law enforcement around the world for investigations of crime and terrorism, adding that the firm asked customers to sign agreements on the appropriate use of the technology.

Overlooked in the debate over how to regulate the industry is the impact of surveillance on activists struggling to change repressive governments. The harm to the individual is not very well understood, said Clara Usiskin, a researcher in London studying the effects of surveillance on nine dissidents from three countries. But it is clear that it has had a really profound effect on these peoples ability to engage in democratic activities.

One Ethiopian immigrant has filed a lawsuit in federal court in Washington, accusing the Ethiopian government of hacking his personal computer while he was living in Maryland. He filed the suit under a pseudonym to protect friends and relatives in Ethiopia. The Ethiopian government is now seeking to have the case dismissed.

They have done this a number of times against activists living abroad, the immigrant said in an interview. I have lived in this country more than 25 years, Im a U.S. citizen. He added: Now I have to be careful about what I say and write. Its a scary life.